Insights & Resources

USDOE Warns K-12 Schools About Ransom Attacks

The U.S. Department of Education has issued a “cyber advisory” to K-12 schools nationally about a disturbing development in internet criminal activity: demands for money which threaten to release confidential student information if payment is not made. Some of these extortion attempts have also included threats of violence directed at the school and in some instances, to individual students.

The warning, issued by the USDOE’s Privacy Technical Assistance Center (PTAC), was prompted by reports of data ransom attacks made against school districts in Texas, Iowa, and Montana, according to cited news media sources. These media sources identified an entity by the name of “DarkOverlordSolutions” as the originator of the threats. The PTAC bulletin notes that, thus far, none of the threats of violence have been deemed to be credible. The media reports, however, indicate that the “Dark Overlord” group has had some measure of success in its extortion threats against certain entertainment media sources, most notably Netflix.

School district IT administrators are advised by PTAC to review their network defenses, and in particular, to consider potential vulnerabilities which may exist in their student management software programs. Higher education institutions are likewise advised to familiarize themselves with the strategies employed in these recent attacks, and are directed to a special resource page for colleges and universities.

Questions concerning the above may be referred to the attorneys of the Education Practice Group at Bricker & Eckler LLP.

This article was reprinted from the “Bricker Bullet” that went out to BASA (Buckeye Association of School Administrators) members. Bricker Bullets are provided to BASA members as an informational service courtesy of the law firm of Bricker & Eckler LLP, a BASA Premier Partner. They are not intended to serve as legal opinion with respect to any specific person or factual situation.